Firewall Wizards mailing list archives

Re: Attack on port 2140??

From: "Jayson Broughton" <jbroughton () allcovered com>
Date: Tue, 25 Jan 2000 10:57:40 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ruben,
Port 2140 is commonly used by Deep Throat, a remote administrator
tool gone bad.  Aka Trojan.
Common Connections for Deep Throat are:
60000 TCP, 6771 TCP, 6670 TCP, 3150 UDP, 3150 TCP, 2140 UDP, 2140
TCP, 41 TCP

You can either upate your Virus Definitions from your AV software
vendor, or you can get a Copy of a program called "The
Cleaner".  The site "http://www.moosoft.com/"; Gives you a free 30 day
trial version I believe.

The website listed below has The Cleaner too, just in case the above
address isn't working.  I personally have not downloaded
the cleaner from the below site.  But have used "The Cleaner" before
on afew of our computers.
http://staff.iinet.net.au/prk/trojan/


Ta ta for now,
Jayson Broughton
HQ-All Bases Covered
Network & Security Admin

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOI3yHqe75Wq9veF/EQK/cgCgyS/sy8SDPWuGim3A3wO8B+e3w90AoKmn
KbCZA/nBzUBhYMKL8S94ae4l
=f0Dl
-----END PGP SIGNATURE-----



Ruben Vandille wrote:

Hi there,

Since a week or something like that, someone/something tries to connect via
UDP to port 2140 of my computer...
I haven't found any information on possible attacks that use "remote port
2140"...

Does anybody know what is happening here?

Thanx in advance,

R.

Current thread:

Attack on port 2140?? Ruben Vandille (Jan 24)
- Re: Attack on port 2140?? K. Graham (Jan 25)
- Re: Attack on port 2140?? S. Jonah Pressman (Jan 26)
- Re: Attack on port 2140?? Jayson Broughton (Jan 27)
- Re: Attack on port 2140?? Jayson Broughton (Jan 28)
- <Possible follow-ups>
- RE: Attack on port 2140?? Michael J. Daveler (Jan 25)
- Re: Attack on port 2140?? Irwin R. Naumann (Jan 25)